EP0067340B1 - Method for key transmission - Google Patents

Method for key transmission Download PDF

Info

Publication number
EP0067340B1
EP0067340B1 EP82104678A EP82104678A EP0067340B1 EP 0067340 B1 EP0067340 B1 EP 0067340B1 EP 82104678 A EP82104678 A EP 82104678A EP 82104678 A EP82104678 A EP 82104678A EP 0067340 B1 EP0067340 B1 EP 0067340B1
Authority
EP
European Patent Office
Prior art keywords
code
station
key
transmission
catchword
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired
Application number
EP82104678A
Other languages
German (de)
French (fr)
Other versions
EP0067340A1 (en
Inventor
Wernhard Dipl.-Ing. Markwitz
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG filed Critical Siemens AG
Publication of EP0067340A1 publication Critical patent/EP0067340A1/en
Application granted granted Critical
Publication of EP0067340B1 publication Critical patent/EP0067340B1/en
Expired legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • the invention relates to a method for key transmission, in which a key is agreed between a sending and a receiving station for the encrypted transmission of messages, and in which a key device is contained in the sending and the receiving station, each with its own Station key is assigned.
  • the invention is therefore based on the object of specifying a method which, when used, ensures that messages are only transmitted to the desired station.
  • the method according to the invention has the advantage that a secure transfer of keys between the stations takes place in a simple manner and without a central distribution of keys, and it is very difficult for third parties to get to know the keys. It is only necessary to agree on secret slogans known to both stations.
  • the security of the key transmission is further increased if the key is encrypted with a secret fourth password known to both stations in the sending station prior to encryption with its own station key, and with the fourth password in the receiving station after decryption with its own station key is decrypted.
  • the slogans are not agreed between two stations from the beginning, it is advantageous if, before the transmission of a key without using the slogans, a transmission of a key is carried out using physically distributed device-specific keys. This is the case, for example, if, after establishing a connection between the two stations, a trial operation is initially set up or less important messages are exchanged.
  • a separate key is transmitted for each transmission direction using the slogans.
  • the same slogans can be agreed for both directions of transmission.
  • messages for example data
  • the data are transmitted from a sending station A to a receiving station B.
  • the data are output by a data terminal device DE1 as send data SD1 to a key device SG1.
  • This encrypts the data and transmits it via a transmission unit U1 and a long-distance line FL to a transmission unit U2 of the receiving station B.
  • the encrypted data arrive at a key device SG2, which decrypts them and delivers them as reception data ED2 to a data terminal device DE2.
  • data is transmitted in the opposite direction, it is output by the data terminal device DE2 as send data SD2 and encrypted in the key device SG2.
  • the data is decrypted again and sent to the data terminal device DE1 as received data ED1.
  • the data in the key devices SG1 and SG2 are encrypted and decrypted using a key that is valid for the current process.
  • the same key can be used for transmission in both directions, or different keys can be agreed.
  • data is only transmitted from the sending station A to the receiving station B.
  • the key device SG1 in station A generates the current key and a station key SA using a random generator.
  • the key is used to encrypt the data subsequently transmitted.
  • the key is transmitted in a dialog between stations A and B, the stations using known secret slogans which are stored in memories of key devices SG1 and SG2.
  • the individual encryption and decryption processes in stations A and B are represented by corresponding boxes labeled V and E, respectively.
  • the encryption or decryption is carried out, for example, in accordance with a modulo-2 addition.
  • encryption and decryption are carried out with one of the slogans P1 to P3.
  • the key can be encrypted with another password PO in station A and decrypted with this password PO in station B.
  • the slogans PO to P3 which have the binary values shown, for example, were agreed before the key was transferred.
  • the key device SG1 has generated a current key S and a temporary station key SA
  • the key S is first encrypted with the password PO.
  • the result is then encrypted with the station key SA and additionally encrypted with the password P1 before the transmission to station B.
  • encryption is carried out according to a modulo-2 addition.
  • station B the influence of password P1 is first removed and the rest is encrypted with a temporary station key SB generated there. This cipher is encrypted with the password P2 and sent back to station A.
  • the influence of the slogan P2 is reversed and the rest is deciphered with the station key SA.
  • the Vogang repeats in the opposite direction if another key is used for this transmission direction.
  • station B When data is transmitted in both directions, the Vogang repeats in the opposite direction if another key is used for this transmission direction.
  • station B For the transmission of the further key it is possible to use the same slogans PO to P3 or to agree further slogans. It is also conceivable to transmit the keys in both directions simultaneously. In this case, only a further transmission from station B to station A is required.
  • new keys can be transmitted at a later time for transmission in one or in both directions with or without slogans, the exchange being encrypted with the old key . If the transmission takes place using slogans, the same slogans or other agreed slogans can be used. It is also possible to use slogans to set up the connections for the first time using physically distributed keys before transmitting keys. If the transfer is then sufficiently secure, the exchange of keys can be started using slogans.
  • each key device contains a key generator G1 and G2, in which the temporary keys SA and SB are generated using a random generator.
  • the key S can be generated and stored in the key generator G1, while in the example carried out it can only be stored in the key generator G2.
  • an encryption level V1 the key S is encrypted according to the functional diagram in FIG. 2 with the password P0, the station key SA and the password P1.
  • the cipher is transmitted via the transmission unit U1 and the long-distance line FL to the transmission unit U2 and the key device SG2.
  • a decryption level E2 the cipher is decrypted with the password 1 and then encrypted with the station key SB and the password P2 in an encryption level V2.
  • This cipher is transmitted again via the long-distance line FL and arrives in the key device SG1 at a decryption stage E1 provided there, which decrypts the influence of the password P2, and decrypts the rest with the station key SA and then encrypts it with the password P3 and transmits it back to station B.
  • the decryption stage E2 decrypts the cipher with the password P3, the station key SB and the password PO and in this way obtains the key S, which is temporarily stored in the key generator G2.
  • transmission of transmission data SD1 can be started, which are encrypted with the key S in the encryption stage V1 and decrypted with the stored key S in the decryption stage E2 and are output as receive data ED2. If the same key is used for a transmission of the data in the opposite direction, the transmission data SD2 are supplied to the encryption level V2, at which the key S is also present. In a corresponding manner, the data transmitted in encrypted form is decrypted in the decryption stage E1 using the key S and output as received data ED1.

Description

Die Erfindung bezieht sich auf ein Verfahren zur Schlüsselübertragung, bei dem zwischen einer sendenden und einer empfangenden Station zur verschlüsselten Übertragung von Nachrichten ein Schlüssel vereinbart wird, und bei dem in der sendenden und in der empfangenden Station jeweils ein Schlüsselgerät enthalten ist, dem jeweils ein eigener Stationsschlüssel zugeordnet ist.The invention relates to a method for key transmission, in which a key is agreed between a sending and a receiving station for the encrypted transmission of messages, and in which a key device is contained in the sending and the receiving station, each with its own Station key is assigned.

Es ist allgemein bekannt, (siehe z. B. GB-A-2 050 021) bei einer verschlüsselten Übertragung von Nachrichten zwischen zwei Stationen in diesen Stationen jeweils ein Schlüsselgerät vorzusehen. In der sendenden Station werden von einer Endeinrichtung abgegebene Nachrichten mittels des Schlüsselgeräts verschlüsselt und unter Verwendung einer Übertragungseinheit an eine Fernleitung abgegeben. In der empfangenden Station werden die mittels einer dortigen Übertragungseinheit empfangenen Nachrichten unter Verwendung des dortigen Schlüsselgeräts verschlüsselt und an eine empfangende Endeinrichtung abgegeben. Zwischen den Übertragungseinheiten können Standverbindungen oder ein Nachrichtennetz, beispielsweise ein Durchschaltewählnetz oder ein Nachrichtennetz mit speichernden Netzknoten eingeschaltet sein.It is generally known (see, for example, GB-A-2 050 021) to provide a key device for encrypted transmission of messages between two stations in these stations. In the sending station, messages delivered by a terminal are encrypted using the key device and sent to a trunk line using a transmission unit. In the receiving station, the messages received by means of a transmission unit there are encrypted using the key device there and sent to a receiving terminal. Leased lines or a communications network, for example a switched-through dialing network or a communications network with storing network nodes, can be connected between the transmission units.

Es wird häufig gewünscht, in einem Nachrichtennetz neben einer offenen, auch eine verschlüsselte Übertragung von Nachrichten zwischen zwei beliebigen Stationen durchzuführen. Die Kenntnisnahme der Nachrichten durch Dritte soll dabei erschwert sein. Der für eine Übertragung erforderliche Schlüssel kann zwischen den Stationen im Dialog vereinbart werden. Eine Authentikation, d. h. der Nachweis, daß die Übertragung tatsächlich mit der gewünschten Station erfolgt, ist dabei jedoch nicht gewährleistet.It is often desired in an information network to carry out not only an open, but also an encrypted transmission of messages between any two stations. Acknowledgment of the news by third parties is said to be difficult. The key required for a transmission can be agreed in dialogue between the stations. Authentication, i.e. H. however, there is no guarantee that the transmission will actually take place at the desired station.

Der Erfindung liegt daher die Aufgabe zugrunde, ein Verfahren anzugeben, bei dessen Verwendung sichergestellt ist, daß Nachrichten nur zu der gewünschten Station übertragen werden.The invention is therefore based on the object of specifying a method which, when used, ensures that messages are only transmitted to the desired station.

Erfindungsgemäß wird die Aufgabe bei dem Verfahren der eingangs genannten Art gelöst durch die zeitliche Aufeinanderfolge folgender Verfahrensschritte

  • a) die sendende Station verschlüsselt den Schlüssel mit dem eigenen Stationsschlüssel und einer beiden Stationen bekannten geheimen ersten Parole und sendet ihn zur empfangenden Station,
  • b) die empfangende Station entschlüsselt den chiffriert übertragenen Schlüssel mit der ersten Parole verschlüsselt ihn mit dem eigenen Stationsschlüssel und einer zweiten, beiden Stationen bekannten geheimen Parole und sendet ihn zur sendenden Station zurück,
  • c) die sendende Station entschlüsselt den chiffrierten Schlüssel mit der zweiten Parole und dem eigenen Stationsschlüssel verschlüsselt ihn mit einer beiden Stationen bekannten geheimen dritten Parole und überträgt ihn zur empfangenden Station,
  • d) die empfangende Station entschlüsselt den chiffrierten Schlüssel mit der dritten Parole und dem eigenen Stationsschlüssel und erhält den Schlüssel.
According to the invention, the object is achieved in the method of the type mentioned at the outset by the chronological sequence of subsequent method steps
  • a) the sending station encrypts the key with its own station key and a secret first password known to both stations and sends it to the receiving station,
  • b) the receiving station decrypts the encrypted key transmitted with the first password, encrypts it with its own station key and a second secret password known to both stations and sends it back to the transmitting station,
  • c) the sending station decrypts the encrypted key with the second password and the own station key encrypts it with a secret third password known to both stations and transmits it to the receiving station,
  • d) the receiving station decrypts the encrypted key with the third password and its own station key and receives the key.

Das Verfahren gemäß der Erfindung hat den Vorteil, daß auf einfache Weise und ohne eine zentrale Verteilung von Schlüsseln, eine gesicherte Übertragung von Schlüsseln zwischen den Stationen erfolgt, und es für Dritte sehr erschwert wird, von den Schlüsseln Kenntnis zu erhalten. Es ist hierzu lediglich erforderlich, beiden Stationen bekannte, geheime Parolen zu vereinbaren.The method according to the invention has the advantage that a secure transfer of keys between the stations takes place in a simple manner and without a central distribution of keys, and it is very difficult for third parties to get to know the keys. It is only necessary to agree on secret slogans known to both stations.

Die Sicherheit der Schlüsselübertragung wird noch weiter erhölt, wenn der Schlüssel in der sendenden Station vor der Verschlüsselung mit dem eigenen Stationsschlüssel mit einer beiden Stationen bekannten geheimen vierten Parole verschlüsselt wird, und in der empfangenden Station nach dem Entschlüsseln mit dem eigenen Stationsschlüssel mit der vierten Parole entschlüsselt wird.The security of the key transmission is further increased if the key is encrypted with a secret fourth password known to both stations in the sending station prior to encryption with its own station key, and with the fourth password in the receiving station after decryption with its own station key is decrypted.

Falls zwischen zwei Stationen nicht von Anfang an die Parolen vereinbart werden, ist es vorteilhaft, wenn vor der Übertragung eines Schlüssels un'er Verwendung der Parolen eine Übertragung eines Schlüssels unter Verwendung von physischen verteilten gerätespezifischen Schlüsseln erfolgt. Dies ist beispielsweise dann der Fall, wenn nach dem Herstellen einer Verbindung zwischen den beiden Stationen zunächst ein Probebetrieb aufgebaut wird oder weniger wichtige Nachrichten ausgetauscht werden.If the slogans are not agreed between two stations from the beginning, it is advantageous if, before the transmission of a key without using the slogans, a transmission of a key is carried out using physically distributed device-specific keys. This is the case, for example, if, after establishing a connection between the two stations, a trial operation is initially set up or less important messages are exchanged.

Falls zwischen den Stationen unter Verwendung von Parolen bereits ein Schlüssel vereinbart wurde, ist es zur Erhöhung der Sicherheit der Übertragung vorteilhaft, wenn nach der Übertragung eines Schlüssels mittels der Parolen zu einem späteren Zeitpunkt weitere Schlüssel unter Verwendung von Parolen übertragen werden. Hierbei ist es günstig, wenn die Übertragung der weiteren Schlüssel mit den jeweils vorhergehenden Schlüsseln verschlüsselt erfolgt.If a key has already been agreed between the stations using slogans, it is advantageous to increase the security of the transmission if, after the transmission of a key using the slogans, further keys are subsequently transmitted using slogans. It is advantageous if the transmission of the further keys is encrypted with the previous keys.

Zur Erhöhung der Sicherheit der übertragenen Nachrichten ist es auch vorteilhaft, wenn für jede Übertragungsrichtung ein eigener Schlüssel unter Verwendung der Parolen übertragen wird. Für beide Übertragungsrichtungen können dabei die gleichen Parolen vereinbart werden. Es erweist sich jedoch als zweckmäßig, wenn die Übertragung der Schlüssel für beide Übertragungsrichtungen unter Verwendung derselben Parolen erfolgt.To increase the security of the transmitted messages, it is also advantageous if a separate key is transmitted for each transmission direction using the slogans. The same slogans can be agreed for both directions of transmission. However, it proves to be expedient if the keys are transmitted for both directions of transmission using the same slogans.

Im folgenden wird eine Durchführung des erfindungsgemäßen Verfahrens anhand von Zeichnungen näher erläutert. Es zeigen :

  • Figur 1 ein Blockschaltbild einer Übertragungsanordnung,
  • Figur 2 ein Funktionsschaltbild und
  • Figur 3 ein Blockschaltbild von Teilen von Schlüsselgeräten.
An implementation of the method according to the invention is explained in more detail below with the aid of drawings. Show it :
  • FIG. 1 shows a block diagram of a transmission arrangement,
  • Figure 2 is a functional diagram and
  • Figure 3 is a block diagram of parts of key devices.

Bei der in Fig. 1 dargestellten Übertragungsanordnung werden Nachrichten, beispielsweise Daten, von einer sendenden Station A zu einer empfangenden Station B übertragen. Die Daten werden von einer Datenendeinrichtung DE1 als Sendedaten SD1 zu einem Schlüsselgerät SG1 abgegeben. Dieses verschlüsselt die Daten und überträgt sie über eine Übertragungseinheit U1 und eine Fernleitung FL zu einer Übertragungseinheit U2 der empfangenden Station B. Dort gelangen die verschlüsselten Daten an ein Schlüsselgerät SG2, das diese entschlüsselt und als Empfangsdaten ED2 an eine Datenendeinrichtung DE2 abgibt. Bei einer Übertragung von Daten in umgekehrter Richtung werden diese von der Datenendeinrichtung DE2 als Sendedaten SD2 abgegeben und im Schlüsselgerät SG2 verschlüsselt. Im Schlüsselgerät SG1 der nun empfangenden Station A werden die Daten wieder entschlüsselt und als Empfangsdaten ED1 an die Datenendeinrichtung DE1 abgegeben.In the transmission arrangement shown in FIG. 1, messages, for example data, are transmitted from a sending station A to a receiving station B. The data are output by a data terminal device DE1 as send data SD1 to a key device SG1. This encrypts the data and transmits it via a transmission unit U1 and a long-distance line FL to a transmission unit U2 of the receiving station B. There, the encrypted data arrive at a key device SG2, which decrypts them and delivers them as reception data ED2 to a data terminal device DE2. When data is transmitted in the opposite direction, it is output by the data terminal device DE2 as send data SD2 and encrypted in the key device SG2. In the key device SG1 of the now receiving station A, the data is decrypted again and sent to the data terminal device DE1 as received data ED1.

Die Ver- und Entschlüsselung der Daten in den Schlüsselgeräten SG1 und SG2 erfolgt unter Verwendung eines für den jeweils aktuellen Vorgang geltenden Schlüssels. Für eine Übertragung in beiden Richtungen kann der gleiche Schlüssel verwendet werden, oder es können unterschiedliche Schlüssel vereinbart werden. Im folgenden wird aus Gründen der Anschaulichkeit angenommen, daß nur von der senden Station A Daten zur empfangenden Station B übertragen werden. Das Schlüsselgerät SG1 in der Station A erzeugt unter Verwendung eines Zufallsgenerators den aktuellen Schlüssel und einen Stationsschlüssel SA. Mit dem Schlüssel sollen die nachfolgend übertragenen Daten verschlüsselt werden. Die Übertragung des Schlüssels erfolgt im Dialog zwischen den Stationen A und B, wobei den Stationen bekannte geheime Parolen verwendet werden, die in Speichern der Schlüsselgeräte SG1 und SG2 gespeichert sind.The data in the key devices SG1 and SG2 are encrypted and decrypted using a key that is valid for the current process. The same key can be used for transmission in both directions, or different keys can be agreed. For reasons of clarity, it is assumed below that data is only transmitted from the sending station A to the receiving station B. The key device SG1 in station A generates the current key and a station key SA using a random generator. The key is used to encrypt the data subsequently transmitted. The key is transmitted in a dialog between stations A and B, the stations using known secret slogans which are stored in memories of key devices SG1 and SG2.

Weitere Einzelheiten werden im folgenden zusammen mit dem in Fig. 2 dargestellten Funktionsschaltbild beschrieben.Further details are described below together with the functional diagram shown in FIG. 2.

Bei dem in Fig. 2 dargestellten Funktionsschaltbild sind die einzelnen Ver- und Entschlüsselungsvorgänge in den Stationen A und B durch entsprechende mit V bzw. E bezeichnete Kästchen dargestellt. Die Ver- bzw. Entschlüsselung erfolgt beispielsweise jeweils entsprechend einer modulo-2-Addition.In the functional circuit diagram shown in FIG. 2, the individual encryption and decryption processes in stations A and B are represented by corresponding boxes labeled V and E, respectively. The encryption or decryption is carried out, for example, in accordance with a modulo-2 addition.

Wahrend des Dialogs zwischen den Stationen A und B erfolgt jeweils eine Ver- bzw. Entschlüsselung mit einer der Parolen P1 bis P3. Zusätzlich kann der Schlüssel vor der Übertragung in der Station A mit einer weiteren Parole PO verschlüsselt und in der Station B mit dieser Parole PO entschlüsselt werden.During the dialogue between stations A and B, encryption and decryption are carried out with one of the slogans P1 to P3. In addition, the key can be encrypted with another password PO in station A and decrypted with this password PO in station B.

Es wird vorausgesetzt, daß die Parolen PO bis P3, die beispielsweise die dargestellten Binärwerte haben, vor der Übertragung des Schlüssels vereinbart wurden. Wenn das Schlüsselgerät SG1 einen aktuellen Schlüssel S und einen temporären Stationsschlüssel SA erzeugt hat, wird der Schlüssel S zunächst mit der Parole PO verschlüsselt. Das Ergebnis wird anschließend mit dem Stationsschlüssel SA verschlüsselt und vor der Übertragung zur Station B zusätzlich mit der Parole P1 verschlüsselt. Die Verschlüsselung erfolgt im dargestellten Beispiel entsprechend einer modulo-2-Addition. In der Station B wird zunächst der Einfluß der Parole P1 beseitigt und der Rest wird mit einem dort erzeugten temporären Stationsschlüssel SB verschlüsselt. Dieses Chiffrat wird mit der Parole P2 verschlüsselt und an die Station A zurückgeschickt. In der Station A wird der Einfluß der Parole P2 rückgängig gemacht und der Rest wird mit dem Stationsschlüssel SA dechiffriert. Es wird dabei vorausgesetzt, daß die Chiffrier- und Dechiffrierfunktionen vertauschbar sind, was bei der modulo-2-Addition der Fall ist. Das Ergebnis der Dechiffrierung wird mit der Parole P3 modifiziert und zur Station B zurückgesendet. In der Station B wird der Einfluß der Parole P3 beseitigt un der Rest wird mit dem Stationsschlüssel SB dechiffriert. Anschließend wird der Einfluß der Parole PO rückgängig gemacht, so daß in der Station B der Schlüssel S zur Verfügung steht und mit einer verschlüsselten Übertragung der Nachrichten begonnen werden kann.It is assumed that the slogans PO to P3, which have the binary values shown, for example, were agreed before the key was transferred. If the key device SG1 has generated a current key S and a temporary station key SA, the key S is first encrypted with the password PO. The result is then encrypted with the station key SA and additionally encrypted with the password P1 before the transmission to station B. In the example shown, encryption is carried out according to a modulo-2 addition. In station B, the influence of password P1 is first removed and the rest is encrypted with a temporary station key SB generated there. This cipher is encrypted with the password P2 and sent back to station A. In station A, the influence of the slogan P2 is reversed and the rest is deciphered with the station key SA. It is assumed that the encryption and decryption functions are interchangeable, which is the case with the modulo-2 addition. The result of the decryption is modified with the password P3 and sent back to station B. In station B the influence of the password P3 is removed and the rest is deciphered with the station key SB. The influence of the password PO is then reversed, so that the key S is available in station B and an encrypted transmission of the messages can be started.

Bei einer Übertragung von Daten in beiden Richtungen wiederholt sich der Vogang in umgekehrter Richtung, falls für diese Übertragungsrichtung ein anderer Schlüssel verwendet wird. In diesem Fall erzeugt die Station B den weiteren Schlüssel. Für die Übertragung des weiteren Schlüssels ist es möglich, die gleichen Parolen PO bis P3 zu benutzen oder weitere Parolen zu vereinbaren. Es ist auch denkbar, die Schlüssel jeweils gleichzeitig in beiden Richtungen zu übertragen. In diesem Fall ist lediglich eine weitere Übertragung von der Station B zur Station A erforderlich.When data is transmitted in both directions, the Vogang repeats in the opposite direction if another key is used for this transmission direction. In this case, station B generates the further key. For the transmission of the further key it is possible to use the same slogans PO to P3 or to agree further slogans. It is also conceivable to transmit the keys in both directions simultaneously. In this case, only a further transmission from station B to station A is required.

Nach dem Austausch von Schlüsseln zwischen den Stationen A und B und einer anschließenden verschlüsselten Übertragung von Daten, können zu späteren Zeitpunkten neue Schlüssel für eine Übertragung in einer oder in beiden Richtungen mit oder ohne Parolen übertragen werden, wobei der Austausch mit dem alten Schlüssel verschlüsselt wird. Falls die Übertragung unter Verwendung von Parolen erfolgt, können dieselben Parolen oder weitere vereinbarte Parolen benutzt werden. Es ist auch möglich, vor einer Übertragung von Schlüsseln mit Hilfe von Parolen einen ersten Aufbau der Verbindungen unter Verwendung von physisch verteilten Schlüsseln herzustellen. Wenn die Übertragung dann genügend sicher ist, kann mit dem Austausch von Schlüsseln unter Verwendung von Parolen begonnen werden.After the exchange of keys between stations A and B and a subsequent encrypted transmission of data, new keys can be transmitted at a later time for transmission in one or in both directions with or without slogans, the exchange being encrypted with the old key . If the transmission takes place using slogans, the same slogans or other agreed slogans can be used. It is also possible to use slogans to set up the connections for the first time using physically distributed keys before transmitting keys. If the transfer is then sufficiently secure, the exchange of keys can be started using slogans.

Bei dem in Fig. 3 dargestellten Blockschaltbild sind diejenigen Teile der Schlüsselgeräte SG1 und SG2 dargestellt, die für die Durchführung des Verfahrens bei der Übertragung eines Schlüssels in einer Richtung erforderlich sind. In Speichern SP1 und SP2 sind die Parolen PO bis P3 gespeichert. Jedes Schlüsselgerät enthält einen Schlüsselgenerator G1 und G2, in dem unter Verwendung eines Zufallsgenerators die tempo rären Schlüssel SA bzw. SB erzeugt werden. Im Schlüsselgenerator G1 ist zusätzlich der Schlüssel S erzeugbar und speicherbar, während er im ausgeführten Beispiel im Schlüsselgenerator G2 nur speicherbar ist. In einer Verschlüsselungsstufe V1 wird der Schlüssel S entsprechend dem Funktionsschaltbild in Fig. 2 mit der Parole P0, dem Stationsschlüssel SA und der Parole P1 verschlüsselt. Das Chiffrat wird über die Übertragungseinheit U1 und die Fernleitung FL zur Übertragungseinheit U2 und das Schlüsselgerät SG2 übertragen. In einer dort vorgesehenen Entschlüsselungsstufe E2 wird das Chiffrat mit der Parole 1 entschlüsselt und mit dem Stationsschlüssel SB und der Parole P2 anschließend in einer Verschlüsselungsstufe V2 verschlüsselt. Dieses Chiffrat wird wieder über die Fernleitung FL übertragen und gelangt im Schlüsselgerät SG1 zu einer dort vorgesehenen Entschlüsselungsstufe E1, die den Einfluß der Parole P2 rückgängig macht, und den Rest mit dem Stationsschlüssel SA entschlüsselt und anschließend mit der Parole P3 verschlüsselt und zur Station B zurücküberträgt. Dort entschlüsselt die Entschlüsselungsstufe E2 das Chiffrat mit der Parole P3, dem Stationsschlüssel SB und der Parole PO und gewinnt auf diese Weise den Schlüssel S, der im Schlüsselgenerator G2 zwischengespeichert wird. Anschließend kann mit einer Übertragung von Sendedaten SD1 begonnen werden, die mit dem Schlüssel S in der Verschlüsselungsstufe V1 verschlüsselt und mit dem gespeicherten Schlüssel S in der Entschlüsselungsstufe E2 entschlüsselt werden und als Empfangsdaten ED2 abgegeben werden. Falls derselbe Schlüssel für eine Übertragung der Daten in umgekehrter Richtung verwendet wird, werden die Sendedaten SD2 der Verschlüsselungsstufe V2 zugeführt, an der auch der Schlüssel S anliegt. In entsprechender Weise werden die verschlüsselt übertragenen Daten in der Entschlüsselungsstufe E1 unter Verwendung des Schlüssels S entschlüsselt und als Empfangsdaten ED1 abgegeben.In the block diagram shown in FIG. 3, those parts of the key devices SG1 and SG2 are shown which are necessary for carrying out the method when transmitting a key in one direction. In memories SP1 and SP2, the slogans are PO to P3 saved. Each key device contains a key generator G1 and G2, in which the temporary keys SA and SB are generated using a random generator. In addition, the key S can be generated and stored in the key generator G1, while in the example carried out it can only be stored in the key generator G2. In an encryption level V1, the key S is encrypted according to the functional diagram in FIG. 2 with the password P0, the station key SA and the password P1. The cipher is transmitted via the transmission unit U1 and the long-distance line FL to the transmission unit U2 and the key device SG2. In a decryption level E2 provided there, the cipher is decrypted with the password 1 and then encrypted with the station key SB and the password P2 in an encryption level V2. This cipher is transmitted again via the long-distance line FL and arrives in the key device SG1 at a decryption stage E1 provided there, which decrypts the influence of the password P2, and decrypts the rest with the station key SA and then encrypts it with the password P3 and transmits it back to station B. . There, the decryption stage E2 decrypts the cipher with the password P3, the station key SB and the password PO and in this way obtains the key S, which is temporarily stored in the key generator G2. Subsequently, transmission of transmission data SD1 can be started, which are encrypted with the key S in the encryption stage V1 and decrypted with the stored key S in the decryption stage E2 and are output as receive data ED2. If the same key is used for a transmission of the data in the opposite direction, the transmission data SD2 are supplied to the encryption level V2, at which the key S is also present. In a corresponding manner, the data transmitted in encrypted form is decrypted in the decryption stage E1 using the key S and output as received data ED1.

Claims (7)

1. Method of code transmission, wherein a code (S) is agreed upon between a transmitting station (A) and a receiving station (B) for the coded transmission of messages, and wherein in the transmitting station (A) and in the receiving station (B), there is respectively arranged a cipher machine (SG1, SG2), to which an individual station code (SA, SB) is assigned, characterised by the succession of the following steps
a) the transmitting station (A) encodes the code with the individual station code (SA) and a secret first catchword (P1), which is known to both stations (A, B), and transmits said code to the receiving station (B),
b) the receiving station (B) decodes the code (S), which has been transmitted in ciphered fashion, with the first catchword (P1), encodes said code with the individual station code (SB) and a second secret catchword (P2), which is known to both stations, and sends said code back to the transmitting station (A),
c) the transmitting station (A) decodes the ciphered code (S) with the second catchword (P2) and the individual station code (A, B) encodes said code with a secret third catchword (P3), which is known to both stations (A, B), and transmits said code to the receiving station (B),
d) the receiving station (B) decodes the ciphered code (S) with the third catchword (P3) and the individual station code (SB) and obtains the code (S).
2. Method as claimed in claim 1, characterised in that prior to the encoding with the individual station code (SA), in the transmitting station (A), the code (S) is encoded with a secret fourth catchword (PO), which is known to both stations, and after the decoding with the individual station code (SB), it is decoded with the fourth catchword (PO) in the receiving station (B).
3. Method as claimed in claim 1 or 2, characterised in that prior to the transmission of a code (S) by using the catchwords (P), a transmission of a code by using physically distributed apparatus- specific codes is effected.
4. Method as claimed in one of claims 1 to 3, characterised in that after transmission of a code (S) by means of the catchwords (P), further codes are transmitted at a later time by using catchwords (P).
5. Method as claimed in claim 4, characterised in that the transmission of the further codes with the respectively preceding codes (S) is effected in an encoded fashion.
6. Method as claimed in one of claims 1 to 5, characterised in that for each transmission direction an individual code (S) is transmitted by using the catchwords (P).
7. Method as claimed in claim 6, characterised in that the transmission of the codes for both transmission directions is effected by using the same catchwords (P).
EP82104678A 1981-06-11 1982-05-27 Method for key transmission Expired EP0067340B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE3123168A DE3123168C1 (en) 1981-06-11 1981-06-11 Key transfer procedure
DE3123168 1981-06-11

Publications (2)

Publication Number Publication Date
EP0067340A1 EP0067340A1 (en) 1982-12-22
EP0067340B1 true EP0067340B1 (en) 1984-09-05

Family

ID=6134459

Family Applications (1)

Application Number Title Priority Date Filing Date
EP82104678A Expired EP0067340B1 (en) 1981-06-11 1982-05-27 Method for key transmission

Country Status (3)

Country Link
US (1) US4578532A (en)
EP (1) EP0067340B1 (en)
DE (1) DE3123168C1 (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SE426128B (en) * 1981-04-08 1982-12-06 Philips Svenska Ab METHOD FOR TRANSFER OF DATA MESSAGES BETWEEN TWO STATIONS, AND TRANSFER PLANT FOR EXECUTING THE METHOD
FR2549989B1 (en) * 1983-07-29 1985-09-13 Philips Ind Commerciale AUTHENTICATION SYSTEM BETWEEN A CARD READER AND A PAYMENT CARD EXCHANGING INFORMATION
DE3439159A1 (en) * 1984-01-25 1986-04-30 Philips Kommunikations Industrie AG, 8500 Nürnberg Dialling method secured against fraudulent use
DE3410936C2 (en) * 1984-03-24 1997-09-18 Philips Patentverwaltung Method for recognizing the unauthorized use of an identification assigned to a mobile radio station in a radio transmission system
DE3420874A1 (en) * 1984-06-05 1985-12-05 Licentia Patent-Verwaltungs-Gmbh, 6000 Frankfurt Method and arrangement for monitoring network access in telecommunications networks
US4688250A (en) * 1986-01-29 1987-08-18 Rca Corporation Apparatus and method for effecting a key change via a cryptographically protected link
US4797672A (en) * 1986-09-04 1989-01-10 Octel Communications Corp. Voice network security system
US4811377A (en) * 1987-07-31 1989-03-07 Motorola, Inc. Secure transfer of radio specific data
US4914696A (en) * 1988-08-15 1990-04-03 Motorola, Inc. Communications system with tandem scrambling devices
DE3919734C1 (en) * 1989-06-16 1990-12-06 Siemens Ag, 1000 Berlin Und 8000 Muenchen, De
US5161186A (en) * 1991-09-06 1992-11-03 International Business Machines Corporation System for secure and private communication in a triple-connected network
AU4599997A (en) * 1996-09-26 1998-04-17 Wallenstein & Wagner, Ltd. A system and method for securely transferring plaindata from a first location to a second location
GB2423221A (en) * 2005-02-14 2006-08-16 Ericsson Telefon Ab L M Key delivery method involving double acknowledgement
KR20090036335A (en) * 2007-10-09 2009-04-14 삼성전자주식회사 Method for providing key efficiently in mobile broadcasting system and the system thereof

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CH411983A (en) * 1963-10-18 1966-04-30 Gretag Ag Method for encrypting and decrypting pulse-shaped messages
DE2706421C2 (en) * 1977-02-16 1979-03-15 Licentia Patent-Verwaltungs-Gmbh, 6000 Frankfurt Procedure for setting ciphertext generators in encryption devices
US4203166A (en) * 1977-12-05 1980-05-13 International Business Machines Corporation Cryptographic file security for multiple domain networks
US4193131A (en) * 1977-12-05 1980-03-11 International Business Machines Corporation Cryptographic verification of operational keys used in communication networks
US4386234A (en) * 1977-12-05 1983-05-31 International Business Machines Corp. Cryptographic communication and file security using terminals
US4288659A (en) * 1979-05-21 1981-09-08 Atalla Technovations Method and means for securing the distribution of encoding keys
DE3150254A1 (en) * 1981-04-13 1983-07-14 Siemens AG, 1000 Berlin und 8000 München DEVICE FOR ENCRYPTED DIGITAL INFORMATION TRANSFER
US4458109A (en) * 1982-02-05 1984-07-03 Siemens Corporation Method and apparatus providing registered mail features in an electronic communication system

Also Published As

Publication number Publication date
US4578532A (en) 1986-03-25
DE3123168C1 (en) 1982-11-04
EP0067340A1 (en) 1982-12-22

Similar Documents

Publication Publication Date Title
EP0067340B1 (en) Method for key transmission
EP0482154B1 (en) Device for converting a digital block and the use thereof
DE69823834T2 (en) SAFETY PROCESS AND SYSTEM FOR TRANSMISSIONS IN REMOTE DETECTIVES
DE69735464T2 (en) Authentication method, communication method and information processing device
DE4317380C1 (en) Method for authentication between two electronic devices
DE60028900T2 (en) Automatic resynchronization of Geiheim synchronization information
EP0942856B1 (en) Process for securing the privacy of data transmission
CH656761A5 (en) DATA TRANSMISSION SYSTEM THAT HAS AN ENCRYPTION / DECRYLING DEVICE AT EACH END OF AT LEAST ONE DATA CONNECTION.
CH660822A5 (en) RANDOM PRIME GENERATOR IN A DATA ENCRYPTION SYSTEM WORKING WITH PUBLIC KEY.
DE2231849B2 (en) Encryption method to increase the decryption strength of binary data to be encrypted in blocks and arrangement for carrying out the method
CH639229A5 (en) ENCRYPTED MESSAGE TRANSMISSION METHOD.
DE2818587A1 (en) CIRCUIT ARRANGEMENT FOR MESSAGE TRANSMISSION
DE19924986A1 (en) Encryption conversion device for electronic toll collection
EP1298834A1 (en) Method and apparatus for encrypting and decrypting data
EP0956678B1 (en) Method and device for introducing a service key into a terminal
EP0090771B1 (en) Method and apparatus for the enciphered transmission of information
EP0048903A1 (en) Security system for preventing unauthorized manipulations during electronic text transmission in data networks
EP0067977A1 (en) Method and circuit arrangement for the distribution of keys on key devices
EP0307627B1 (en) Secret key generation and distribution method
DE3922642C2 (en)
DE3244537C2 (en)
DE19747827C2 (en) Method and device for inserting a service key into a terminal
DE4416705C1 (en) Electronic security device and method for operating it
EP0022986A1 (en) Method of enciphered data transmission in half-duplex operation between data terminal equipments of two data stations
EP0087758A2 (en) Method and apparatus for transmitting characters

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Designated state(s): GB NL

17P Request for examination filed

Effective date: 19830111

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Designated state(s): GB NL

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed
PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: NL

Payment date: 19860531

Year of fee payment: 5

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Effective date: 19871201

NLV4 Nl: lapsed or anulled due to non-payment of the annual fee
GBPC Gb: european patent ceased through non-payment of renewal fee
PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 19881121